Vulnerability Description
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mit | Kerberos 5 | 1.1.1 |
| Sgi | Irix | 6.1 |
| Freebsd | Freebsd | 2.2 |
| Netbsd | Netbsd | 1.2.1 |
| Openbsd | Openbsd | 2.3 |
References
- ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.aPatch
- ftp://patches.sgi.com/support/free/security/advisories/20010802-01-P
- http://archives.neohapsis.com/archives/freebsd/2001-04/0466.htmlPatchVendor Advisory
- http://www.cert.org/advisories/CA-2001-07.htmlPatchThird Party AdvisoryUS Government Resource
- http://www.nai.com/research/covert/advisories/048.asp
- http://www.securityfocus.com/bid/2548ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6332
- ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.aPatch
- ftp://patches.sgi.com/support/free/security/advisories/20010802-01-P
- http://archives.neohapsis.com/archives/freebsd/2001-04/0466.htmlPatchVendor Advisory
- http://www.cert.org/advisories/CA-2001-07.htmlPatchThird Party AdvisoryUS Government Resource
- http://www.nai.com/research/covert/advisories/048.asp
- http://www.securityfocus.com/bid/2548ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6332
FAQ
What is CVE-2001-0247?
CVE-2001-0247 is a vulnerability with a CVSS score of 10.0 (HIGH). Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, a...
How severe is CVE-2001-0247?
CVE-2001-0247 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-0247?
Check the references section above for vendor advisories and patch information. Affected products include: Mit Kerberos 5, Sgi Irix, Freebsd Freebsd, Netbsd Netbsd, Openbsd Openbsd.